Disallow ldap user to log to specific server

Post by TONAY » 2012/01/06 13:12:07

I've set up an OpenLDAP server and created some POSIX accounts in it. The clients are CentOS & Red Hat servers. All the users defined in LDAP are able to log on to any client, and that's my problem.

Some of the users should be able to log on only to some clients, not all of them. Here is an example:

A few users: User1, User2, User3
A few clients: server1, server2, server3

Now every user can connect to every client; what I want is:
User1 and User3 can connect to every server
User2 can only connect to server2

Is there a way to do that? Maybe there is an attribute where I could put a list of allowed servers for a posixAccount?

Regards
TONAY

Post by jlehtone » 2012/01/07 13:28:24

I think there is a "host" ldap attribute in some account schema, but it requires
that the pam (in /etc/ldap.conf) in each server has been told to check that
attribute.

Start by reading the comments from the /etc/ldap.conf. Or have you moved
on to using the sssd?

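The host-attribute approach suggested in the reply above, sketched for the three users in the question. This is an added example, not part of the original thread: the base DN dc=example,dc=com, the ou=People container and the uid values are assumptions, and the hostObject class assumes the ldapns schema distributed with pam_ldap is loaded on the OpenLDAP server.

```ldif
# Added example with constructed entries; all DNs are assumptions.
#
# On every client, in the pam_ldap configuration file the thread
# refers to as /etc/ldap.conf, turn on the host check:
#
#     pam_check_host_attr yes
#
# pam_ldap evaluates this in the PAM "account" phase, so the account
# stack of each service (sshd, login, ...) must include pam_ldap.so,
# and sshd needs "UsePAM yes"; otherwise the attribute is never read.
#
# Apply this file with ldapmodify. Each host value must match the
# hostname the client reports for itself (check short name vs. FQDN).

# User1: allowed on every server, listed explicitly
dn: uid=user1,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: server1
host: server2
host: server3

# User2: allowed on server2 only
dn: uid=user2,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: server2

# User3: allowed on every server, listed explicitly
dn: uid=user3,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: hostObject
-
add: host
host: server1
host: server2
host: server3
```

After enabling the check, confirm that User2 is refused on server1 and server3, and test an account that has no host value at all, since how that case is treated should be verified on the installed pam_ldap version.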

Post by TONAY » 2012/01/10 08:32:41

I haven't moved to sssd yet... I'll look for the host attribute.

Thx
TONAY

Post by KermitDaFragger » 2012/01/12 23:07:12

I think you can use "pam_filter" for that in "/etc/ldap.conf" to require the user to be part of a specific group. That way you can even manage access from your LDAP directory.

Post by jlehtone » 2012/01/13 22:17:41
